CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-3875 MEDIUM
Cisco Nexus 7000 Series Switches - Auth Bypass
CVSS 5.3
CVE-2017-6961 MEDIUM
apng2gif 1.7 - Denial of Service via Memory Allocation in read_chunk
CVSS 5.5
CVE-2017-6955 MEDIUM
WordPress Invite Anyone <1.3.15 - Info Disclosure
CVSS 5.3
CVE-2017-0148 HIGH KEV
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
CVSS 8.1
CVE-2017-0109 HIGH
Hyper-V in Microsoft Windows - Remote Code Execution via Crafted Application
CVSS 7.6
CVE-2017-0099 MEDIUM
Hyper-V in Microsoft Windows - Denial of Service via Crafted Application
CVSS 5.4
CVE-2017-0098 MEDIUM
Hyper-V in Windows 10 Gold, 1511, 1607 and Windows Server 2016 - Denial of Service via Crafted Application
CVSS 5.4
CVE-2017-0097 MEDIUM
Microsoft Windows 10 - Improper Input Validation
CVSS 5.4
CVE-2017-0095 HIGH
Hyper-V in Microsoft Windows 10 Gold, 1511, 1607 and Windows Server 2016 - Remote Code Execution via vSMB Packet Data
CVSS 7.6
CVE-2017-0076 MEDIUM
Hyper-V in Microsoft Windows - Denial of Service via Crafted Application
CVSS 5.4
CVE-2017-0074 MEDIUM
Hyper-V in Microsoft Windows - Denial of Service via Crafted Application
CVSS 5.4
CVE-2017-0069 MEDIUM
Microsoft Edge - Web Content Spoofing via Crafted Web Site
CVSS 4.3
CVE-2017-0033 MEDIUM
Microsoft Internet Explorer 11 and Edge - Web Content Spoofing via Crafted Website
CVSS 4.3
CVE-2017-0012 MEDIUM
Microsoft Internet Explorer 11 and Microsoft Edge - Web Content Spoofing
CVSS 4.3
CVE-2017-0007 MEDIUM
Microsoft Windows 10/Server 2016 Device Guard PowerShell Security Feature Bypass
CVSS 5.5
CVE-2017-3846 HIGH
Cisco Workload Automation & Tidal Enterprise Scheduler - Unauthenticated Arbitrary File Read
CVSS 8.6
CVE-2017-5359 HIGH
EasyCom SQL iPlug - Denial of Service via D$EVAL Parameter
CVSS 7.5
CVE-2017-6440 MEDIUM
libplist 1.12 - Denial of Service via Crafted Plist File
CVSS 5.0
CVE-2017-6436 MEDIUM
libplist 1.12 - Denial of Service via Crafted plist File
CVSS 5.0
CVE-2017-6516 MEDIUM
MagniComp SysInfo mcsiwrapper Privilege Escalation
CVSS 6.7
CVE-2017-6367 HIGH
Cerberus FTP Server 8.0.10.1 - Denial of Service via Long Host Header
CVSS 7.5
CVE-2017-6815 MEDIUM
WordPress < 4.7.3 - URL Validation Bypass via Control Characters
CVSS 6.1
CVE-2017-6466 HIGH
F-Secure Software Updater 2.20 - Unauthenticated Arbitrary Code Execution via Man-in-the-Middle File Replacement
CVSS 8.1
CVE-2017-5872 HIGH
Unisys ClearPath MCP TCP-IP-SW DoS via TLS 1.2 Client Hello Signature Algorithms Extension
CVSS 7.5
CVE-2017-0499 MEDIUM
Android 5.1.1 6.0 6.0.1 7.0 7.1.1 - Denial of Service in Audioserver
CVSS 5.5
Details
Vulnerabilities 12,622
Exploit Likelihood High